Forward looking IT security pros need to better address known risks, monitor closely the value of shadow IT devices and solve the inherent weaknesses introduced by the internet of things, Gartner says.
The consulting firm has taken a look at five key areas of security concern that businesses face this year and issued predictions on and recommendations about protecting networks and data from threats that will likely arise in each.
The areas are threat and vulnerability management, application and data security, network and mobile security, identity and access management, and Internet of Things security. Gartner’s findings were revealed at its recent Security and Risk Management Summit by analyst Earl Perkins.
One overriding recommendation is that businesses must be aware that delaying security measures in an effort to avoid disrupting business can be a false economy.
He recommends that security pros should make decisions about protecting networks and resources based on the range of risks that known weaknesses represent to the business and its goals. Rather than thinking about their role purely as protecting, they should look at it as facilitating successful business outcomes.
Here are the predictions and recommendations:
Threat and vulnerability management
Prediction: “Through 2020, 99% of vulnerabilities exploited will continue to be ones known by security and IT professionals for at least one year.”
With attackers looking for vulnerabilities in applications as well as exploitable configurations, it’s important for businesses to patch vulnerabilities in a timely fashion. If they don’t, they stand to lose money through damage to systems and theft of data.
Prediction: “By 2020, a third of successful attacks experienced by enterprises will be on their shadow IT resources.”
An area of growing concern is the introduction of new technologies by business units without vetting by the security team, Perkins says. Avoiding that review and the fact that many of these technologies are new and still contain vulnerabilities makes them susceptible to attacks.
Application and data security
Prediction: “By 2018, the need to prevent data breaches from public clouds will drive 20% of organizations to develop data security governance programs.”
Data security governance will be promoted by insurance companies that will set cyber premiums based on whether businesses have these programs in place.
Prediction: “By 2020, 40% of enterprises engaged in DevOps will secure developed applications by adopting application security self-testing, self-diagnosing and self-protection technologies.”
Here Perkins looks to maturing technology called runtime application self-protection (RASP) as a way to avoid vulnerabilities in applications that might result from problems overlooked due to the rapid pace at which DevOps teams work. RASP does its work rapidly and accurately to provide protection against vulnerabilities that might be exploited, he says.
Network and Mobile Security
Sign up for Computerworld eNewsletters.